@ohos-graphics/stability-code-review 0.1.0

package/bin/install.js

@@ -0,0 +1,165 @@
+#!/usr/bin/env node
+
+import { cp, mkdir, rm, stat } from 'node:fs/promises';
+import { realpathSync } from 'node:fs';
+import os from 'node:os';
+import path from 'node:path';
+import { fileURLToPath } from 'node:url';
+
+export const DEFAULT_SKILL_NAME = 'ohos-dev-graphics-stability-code-review';
+
+const PAYLOAD_ENTRIES = [
+  'SKILL.md',
+  'README.md',
+  'config',
+  'references',
+  'scripts',
+];
+
+function defaultTargetRoot()
+{
+  return process.env.OPENCODE_SKILLS_DIR || path.join(os.homedir(), '.config', 'opencode', 'skills');
+}
+
+async function pathExists(targetPath)
+{
+  try {
+    await stat(targetPath);
+    return true;
+  } catch (error) {
+    if (error?.code === 'ENOENT') {
+      return false;
+    }
+    throw error;
+  }
+}
+
+export async function installSkill({
+  packageRoot,
+  targetRoot = defaultTargetRoot(),
+  skillName = DEFAULT_SKILL_NAME,
+  force = false,
+  quiet = false,
+  dryRun = false,
+} = {})
+{
+  if (!packageRoot) {
+    throw new Error('packageRoot is required');
+  }
+
+  const targetDir = path.join(targetRoot, skillName);
+  const exists = await pathExists(targetDir);
+
+  if (exists && !force) {
+    throw new Error(`Skill already exists at ${targetDir}. Re-run with --force to replace it.`);
+  }
+
+  if (!dryRun) {
+    await mkdir(targetRoot, { recursive: true });
+    if (exists) {
+      await rm(targetDir, { recursive: true, force: true });
+    }
+    await mkdir(targetDir, { recursive: true });
+
+    for (const entry of PAYLOAD_ENTRIES) {
+      await cp(path.join(packageRoot, entry), path.join(targetDir, entry), {
+        recursive: true,
+        force: true,
+      });
+    }
+  }
+
+  if (!quiet) {
+    const action = dryRun ? 'Would install' : 'Installed';
+    console.log(`${action} ${DEFAULT_SKILL_NAME} to ${targetDir}`);
+  }
+
+  return { targetDir, entries: [...PAYLOAD_ENTRIES] };
+}
+
+function printHelp()
+{
+  console.log(`OpenHarmony stability code review skill installer
+
+Usage:
+  ohos-stability-skill install [options]
+  npx @ohos-graphics/stability-code-review install [options]
+
+Options:
+  --target <dir>   Skills root directory. Defaults to ~/.config/opencode/skills
+  --name <name>    Installed skill directory name. Defaults to ${DEFAULT_SKILL_NAME}
+  --force          Replace an existing installed skill
+  --dry-run        Print the target path without copying files
+  -h, --help       Show this help
+`);
+}
+
+function parseArgs(argv)
+{
+  const args = [...argv];
+  const options = {};
+
+  if (args[0] === 'install') {
+    args.shift();
+  }
+
+  while (args.length > 0) {
+    const arg = args.shift();
+    if (arg === '-h' || arg === '--help') {
+      options.help = true;
+    } else if (arg === '--force') {
+      options.force = true;
+    } else if (arg === '--dry-run') {
+      options.dryRun = true;
+    } else if (arg === '--target') {
+      options.targetRoot = args.shift();
+    } else if (arg === '--name') {
+      options.skillName = args.shift();
+    } else {
+      throw new Error(`Unknown argument: ${arg}`);
+    }
+  }
+
+  if (options.targetRoot === undefined && argv.includes('--target')) {
+    throw new Error('--target requires a directory');
+  }
+  if (options.skillName === undefined && argv.includes('--name')) {
+    throw new Error('--name requires a skill directory name');
+  }
+
+  return options;
+}
+
+async function main()
+{
+  const options = parseArgs(process.argv.slice(2));
+  if (options.help) {
+    printHelp();
+    return;
+  }
+
+  const binDir = path.dirname(fileURLToPath(import.meta.url));
+  const packageRoot = path.resolve(binDir, '..');
+  await installSkill({ ...options, packageRoot });
+}
+
+function isDirectRun()
+{
+  if (!process.argv[1]) {
+    return false;
+  }
+
+  const currentFile = fileURLToPath(import.meta.url);
+  try {
+    return realpathSync(process.argv[1]) === currentFile;
+  } catch {
+    return path.resolve(process.argv[1]) === currentFile;
+  }
+}
+
+if (isDirectRun()) {
+  main().catch((error) => {
+    console.error(error.message);
+    process.exitCode = 1;
+  });
+}

package/config/rules.yaml

@@ -0,0 +1,445 @@
+rules:
+  异常处理:
+    name: 异常处理
+    description: OpenHarmony 不允许使用异常处理机制，检测代码中的 try/catch/throw；异常分支处理不当、返回值校验缺失等稳定性问题
+    enabled: true
+    rules:
+      StabilityCodeReview_ExceptionHandling_001:
+        enabled: true
+        id: StabilityCodeReview_ExceptionHandling_001
+        name: 禁止异常处理机制
+        severity: MEDIUM
+        description: OpenHarmony 不允许使用 C++ 异常处理机制，检测代码中的 try/catch/throw
+        reference: ExceptionHandling/StabilityCodeReview_ExceptionHandling_001.md
+      StabilityCodeReview_ExceptionHandling_002:
+        enabled: true
+        id: StabilityCodeReview_ExceptionHandling_002
+        name: 异常分支应正确处理
+        severity: MEDIUM
+        description: 异常处理分支应该有合适的处理方式，不能静默忽略或遗漏return，否则可能导致程序继续执行后续逻辑引发更严重问题
+        reference: ExceptionHandling/StabilityCodeReview_ExceptionHandling_002.md
+      StabilityCodeReview_ExceptionHandling_003:
+        enabled: true
+        id: StabilityCodeReview_ExceptionHandling_003
+        name: 需校验函数返回值
+        severity: HIGH
+        description: 当函数的返回值表示操作成功与否时，必须校验返回值。忽略返回值可能导致错误未被发现，使用未初始化的输出参数，程序继续执行可能引发更严重的问题
+        reference: ExceptionHandling/StabilityCodeReview_ExceptionHandling_003.md
+  并发稳定性:
+    name: 并发稳定性
+    description: 检测并发相关的稳定性风险（死锁、线程池耗尽、任务堆积等）
+    enabled: true
+    rules:
+      StabilityCodeReview_ConcurrencyStability_001:
+        enabled: true
+        id: StabilityCodeReview_ConcurrencyStability_001
+        name: 多线程场景线程安全设计缺失
+        severity: HIGH
+        description: 在多线程场景下，共享数据的访问如果没有做好线程安全设计，会导致数据竞争、内存不一致等问题，引发程序崩溃、数据损坏等严重稳定性问题
+        reference: ConcurrencyStability/StabilityCodeReview_ConcurrencyStability_001.md
+      StabilityCodeReview_ConcurrencyStability_002:
+        enabled: true
+        id: StabilityCodeReview_ConcurrencyStability_002
+        name: 智能指针线程安全问题
+        severity: HIGH
+        description: 智能指针不是线程安全的，对于同一个shared_ptr或sptr对象，允许多线程同时读，但是不允许多线程又读又写，否则会导致数据竞争、引用计数错误、内存泄漏或UAF
+        reference: ConcurrencyStability/StabilityCodeReview_ConcurrencyStability_002.md
+      StabilityCodeReview_ConcurrencyStability_003:
+        enabled: true
+        id: StabilityCodeReview_ConcurrencyStability_003
+        name: std::atomic时序问题
+        severity: MEDIUM
+        description: std::atomic可以保证操作的原子性，但是不能保证时序，使用std::atomic需要检验代码的时序是否正确，配合适当的内存序(memory_order)使用
+        reference: ConcurrencyStability/StabilityCodeReview_ConcurrencyStability_003.md
+      StabilityCodeReview_ConcurrencyStability_004:
+        enabled: true
+        id: StabilityCodeReview_ConcurrencyStability_004
+        name: 加锁后返回引用或裸指针
+        severity: HIGH
+        description: 加锁后返回引用类型或裸指针类型极易引入并发风险或内存风险，应避免使用。锁释放后，返回的引用或裸指针可能指向已被其他线程修改或释放的数据
+        reference: ConcurrencyStability/StabilityCodeReview_ConcurrencyStability_004.md
+      StabilityCodeReview_ConcurrencyStability_005:
+        enabled: true
+        id: StabilityCodeReview_ConcurrencyStability_005
+        name: RenderNodeDrawable全局变量写入
+        severity: HIGH
+        description: RenderNodeDrawable中应避免写入全局变量，若必须使用则应加锁保护避免并发。全局变量在多线程环境下并发写入会导致数据竞争、状态不一致等问题
+        reference: ConcurrencyStability/StabilityCodeReview_ConcurrencyStability_005.md
+  性能稳定性:
+    name: 性能稳定性
+    description: 检测性能相关的稳定性风险（无限循环、大循环、递归深度等）
+    enabled: true
+    rules:
+      StabilityCodeReview_PerformanceStability_001:
+        enabled: true
+        id: StabilityCodeReview_PerformanceStability_001
+        name: 递归条件未考虑充分导致无限递归
+        severity: HIGH
+        description: 递归函数必须确保终止条件充分且正确，否则会导致无限递归，引发栈溢出崩溃。终止条件应覆盖所有可能的边界情况，确保递归能够正常终止
+        reference: PerformanceStability/StabilityCodeReview_PerformanceStability_001.md
+      StabilityCodeReview_PerformanceStability_002:
+        enabled: true
+        id: StabilityCodeReview_PerformanceStability_002
+        name: 间接递归风险
+        severity: HIGH
+        description: 间接递归（A调用B，B调用A）可能导致无限循环或栈溢出。与直接递归不同，间接递归更隐蔽，容易被忽视。长时间运行或深度递归会耗尽栈空间，引发程序崩溃
+        reference: PerformanceStability/StabilityCodeReview_PerformanceStability_002.md
+  资源管理:
+    name: 资源管理
+    description: 检测资源泄漏导致的稳定性风险（文件句柄、数据库连接、缓存等）
+    enabled: true
+    rules:
+      StabilityCodeReview_ResourceManagement_001:
+        enabled: true
+        id: StabilityCodeReview_ResourceManagement_001
+        name: 反序列化内存泄漏
+        severity: HIGH
+        description: 在反序列化过程中申请的内存在异常分支未及时释放，造成内存泄漏。反序列化代码中常见的模式是先申请内存，然后读取数据填充，如果读取过程中发生错误，需要正确释放已申请的内存
+        reference: ResourceManagement/StabilityCodeReview_ResourceManagement_001.md
+      StabilityCodeReview_ResourceManagement_002:
+        enabled: true
+        id: StabilityCodeReview_ResourceManagement_002
+        name: dlopen需配对dlclose
+        severity: HIGH
+        description: 使用dlopen动态加载共享库函数后，需要使用dlclose进行关闭，否则存在资源泄露。未关闭的动态库会占用系统资源，多次加载但不关闭会导致资源累积，影响系统稳定性
+        reference: ResourceManagement/StabilityCodeReview_ResourceManagement_002.md
+      StabilityCodeReview_ResourceManagement_003:
+        enabled: true
+        id: StabilityCodeReview_ResourceManagement_003
+        name: 禁止智能指针get初始化另一个智能指针
+        severity: CRITICAL
+        description: 禁止使用get初始化或赋值给另一个智能指针。从智能指针get()获取的裸指针再用来创建另一个智能指针，会导致两个智能指针管理同一个资源，析构时产生重复释放，造成程序崩溃
+        reference: ResourceManagement/StabilityCodeReview_ResourceManagement_003.md
+      StabilityCodeReview_ResourceManagement_004:
+        enabled: true
+        id: StabilityCodeReview_ResourceManagement_004
+        name: 谨慎使用static_pointer_cast
+        severity: MEDIUM
+        description: 谨慎使用std::static_pointer_cast，子类转父类时几乎无需使用（shared_ptr支持隐式向上转换），父类转子类时必须要100%确定父类指针实际指向的是一个子类对象，否则会导致类型错误和未定义行为
+        reference: ResourceManagement/StabilityCodeReview_ResourceManagement_004.md
+      StabilityCodeReview_ResourceManagement_005:
+        enabled: true
+        id: StabilityCodeReview_ResourceManagement_005
+        name: 文件描述符泄漏
+        severity: HIGH
+        description: 文件描述符fd资源需要确保申请和释放一一对应，遗漏释放会造成fd泄露，重复释放会造成double free。fd泄漏会导致系统资源耗尽，影响后续文件操作
+        reference: ResourceManagement/StabilityCodeReview_ResourceManagement_005.md
+      StabilityCodeReview_ResourceManagement_006:
+        enabled: true
+        id: StabilityCodeReview_ResourceManagement_006
+        name: JSON对象未关闭泄漏
+        severity: MEDIUM
+        description: 使用json库相关操作完毕后应记得使用close释放内存，否则会造成内存泄漏。json对象占用的内存如果不及时释放，会导致内存资源累积
+        reference: ResourceManagement/StabilityCodeReview_ResourceManagement_006.md
+      StabilityCodeReview_ResourceManagement_007:
+        enabled: true
+        id: StabilityCodeReview_ResourceManagement_007
+        name: 智能指针与裸指针混用
+        severity: CRITICAL
+        description: C++标准库智能指针、sptr、裸指针任意两两不能混用。混用会导致所有权混乱、重复释放、内存泄漏等问题。应统一使用同一种智能指针类型管理资源
+        reference: ResourceManagement/StabilityCodeReview_ResourceManagement_007.md
+  初始化顺序:
+    name: 初始化顺序
+    description: 检测静态初始化顺序问题和未初始化使用风险
+    enabled: true
+    rules:
+      StabilityCodeReview_InitializationOrder_001:
+        enabled: true
+        id: StabilityCodeReview_InitializationOrder_001
+        name: 类的数据成员需要显式初始化
+        severity: MEDIUM
+        description: 类的数据成员如果没有显式初始化，且该类型没有默认构造函数，可能导致未定义行为或程序崩溃。即使是POD类型（如int、指针等），不显式初始化也会导致成员值不确定，在后续使用时可能产生不可预期的结果
+        reference: InitializationOrder/StabilityCodeReview_InitializationOrder_001.md
+  边界条件:
+    name: 边界条件
+    description: 检测边界条件处理不当导致的稳定性风险（空容器、极端输入等）
+    enabled: true
+    rules:
+      StabilityCodeReview_BoundaryCondition_001:
+        enabled: true
+        id: StabilityCodeReview_BoundaryCondition_001
+        name: Parcel数据不可作为循环或递归条件
+        severity: CRITICAL
+        description: 从Parcel中读取的数据不可信，不能直接作为循环或递归的条件，必须进行上限保护处理。恶意构造的Parcel数据可能包含超大数值，导致死循环、栈溢出或拒绝服务攻击
+        reference: BoundaryCondition/StabilityCodeReview_BoundaryCondition_001.md
+      StabilityCodeReview_BoundaryCondition_002:
+        enabled: true
+        id: StabilityCodeReview_BoundaryCondition_002
+        name: Parcel数据不可直接作为数组下标
+        severity: CRITICAL
+        description: 从Parcel中读取的不可信数据不可以直接作为固定大小数组的下标值访问，否则可能造成数组越界访问，导致内存破坏、程序崩溃或安全漏洞
+        reference: BoundaryCondition/StabilityCodeReview_BoundaryCondition_002.md
+      StabilityCodeReview_BoundaryCondition_003:
+        enabled: true
+        id: StabilityCodeReview_BoundaryCondition_003
+        name: Parcel数据不可直接作为内存申请大小
+        severity: HIGH
+        description: 从Parcel中读取的数据不可信，不能直接作为内存申请大小的值，否则可能造成内存超大申请，导致内存耗尽、程序崩溃或拒绝服务攻击
+        reference: BoundaryCondition/StabilityCodeReview_BoundaryCondition_003.md
+      StabilityCodeReview_BoundaryCondition_004:
+        enabled: true
+        id: StabilityCodeReview_BoundaryCondition_004
+        name: 容器size增长的对外接口应限制上限
+        severity: HIGH
+        description: 会导致容器size增大的对外接口，应该限制容器size的上限，防止外部恶意攻击申请过大内存。外部输入可能包含恶意构造的数据，导致容器无限增长，造成内存耗尽或拒绝服务
+        reference: BoundaryCondition/StabilityCodeReview_BoundaryCondition_004.md
+      StabilityCodeReview_BoundaryCondition_005:
+        enabled: true
+        id: StabilityCodeReview_BoundaryCondition_005
+        name: Parcel整数转枚举需校验有效性
+        severity: MEDIUM
+        description: 从Parcel中读取的整数不能直接转化为枚举类，需要校验值的有效性。未经验证的枚举值转换可能导致未定义行为、程序逻辑错误或安全漏洞
+        reference: BoundaryCondition/StabilityCodeReview_BoundaryCondition_005.md
+      StabilityCodeReview_BoundaryCondition_006:
+        enabled: true
+        id: StabilityCodeReview_BoundaryCondition_006
+        name: 除法和模运算需做除零保护
+        severity: CRITICAL
+        description: 除法运算和模运算需要做除零保护，除数为零会导致程序崩溃或未定义行为。从外部输入获取的除数必须在进行运算前进行非零检查
+        reference: BoundaryCondition/StabilityCodeReview_BoundaryCondition_006.md
+      StabilityCodeReview_BoundaryCondition_007:
+        enabled: true
+        id: StabilityCodeReview_BoundaryCondition_007
+        name: Parcel序列化和反序列化必须匹配
+        severity: HIGH
+        description: Parcel的序列化和反序列化必须完全匹配，包括顺序、类型和数量。不匹配的序列化/反序列化会导致数据错误、内存越界读取或程序崩溃
+        reference: BoundaryCondition/StabilityCodeReview_BoundaryCondition_007.md
+      StabilityCodeReview_BoundaryCondition_008:
+        enabled: true
+        id: StabilityCodeReview_BoundaryCondition_008
+        name: 容器erase后需正确更新迭代器
+        severity: HIGH
+        description: 容器erase后需要正确更新迭代器，避免使用失效的迭代器。erase操作会使当前迭代器失效，继续使用会导致未定义行为、程序崩溃或内存访问错误
+        reference: BoundaryCondition/StabilityCodeReview_BoundaryCondition_008.md
+      StabilityCodeReview_BoundaryCondition_009:
+        enabled: true
+        id: StabilityCodeReview_BoundaryCondition_009
+        name: 外部数据类型转换需范围检查
+        severity: HIGH
+        description: 对外部数据进行类型转换前需要进行范围检查，避免整数溢出、整数回绕。不安全的类型转换可能导致数据截断、溢出或符号错误，造成程序逻辑错误或安全漏洞
+        reference: BoundaryCondition/StabilityCodeReview_BoundaryCondition_009.md
+      StabilityCodeReview_BoundaryCondition_010:
+        enabled: true
+        id: StabilityCodeReview_BoundaryCondition_010
+        name: 容器find返回迭代器需校验有效性
+        severity: HIGH
+        description: 容器find返回的迭代器在使用前需要先校验有效性，直接使用可能为end()的迭代器会导致未定义行为、程序崩溃或内存访问错误
+        reference: BoundaryCondition/StabilityCodeReview_BoundaryCondition_010.md
+      StabilityCodeReview_BoundaryCondition_011:
+        enabled: true
+        id: StabilityCodeReview_BoundaryCondition_011
+        name: 加减乘除运算应避免类型溢出
+        severity: HIGH
+        description: 加减乘除运算应避免类型溢出或回绕。整数运算溢出会导致结果错误、程序逻辑异常，甚至引发安全漏洞。应使用安全的运算方式或检查运算范围
+        reference: BoundaryCondition/StabilityCodeReview_BoundaryCondition_011.md
+      StabilityCodeReview_BoundaryCondition_012:
+        enabled: true
+        id: StabilityCodeReview_BoundaryCondition_012
+        name: json库获取键值前需判断类型
+        severity: MEDIUM
+        description: 使用json库获取键值内容前应先判断类型是否匹配、键值是否存在。未判断类型直接获取可能导致类型错误、程序异常或崩溃
+        reference: BoundaryCondition/StabilityCodeReview_BoundaryCondition_012.md
+      StabilityCodeReview_BoundaryCondition_013:
+        enabled: true
+        id: StabilityCodeReview_BoundaryCondition_013
+        name: json库类型转换前需校验参数类型
+        severity: MEDIUM
+        description: 使用json库获取键值后，在进行类型转换前应先校验参数类型。类型不匹配的转换会导致数据错误、程序异常或崩溃
+        reference: BoundaryCondition/StabilityCodeReview_BoundaryCondition_013.md
+      StabilityCodeReview_BoundaryCondition_014:
+        enabled: true
+        id: StabilityCodeReview_BoundaryCondition_014
+        name: 类型强制转换需校验范围
+        severity: HIGH
+        description: 类型强制转换未校验，可能导致越界读。不安全的类型转换可能截断数据、改变符号或导致数值超出目标类型范围，造成程序错误或安全漏洞
+        reference: BoundaryCondition/StabilityCodeReview_BoundaryCondition_014.md
+      StabilityCodeReview_BoundaryCondition_015:
+        enabled: true
+        id: StabilityCodeReview_BoundaryCondition_015
+        name: 数组下标计算需避免整数回绕
+        severity: HIGH
+        description: 数组下标的计算应避免整数回绕导致内存越界访问。整数回绕可能产生负数下标或超大下标，导致数组越界访问、内存破坏或程序崩溃
+        reference: BoundaryCondition/StabilityCodeReview_BoundaryCondition_015.md
+      StabilityCodeReview_BoundaryCondition_016:
+        enabled: true
+        id: StabilityCodeReview_BoundaryCondition_016
+        name: 内存操作越界风险
+        severity: CRITICAL
+        description: 代码在执行内存拷贝、指针偏移、数组索引等内存操作时，长度、偏移或下标参数来自外部可控输入，未校验其是否在目标缓冲区的有效范围内，攻击者构造特定输入可触发越界读/写
+        reference: BoundaryCondition/StabilityCodeReview_BoundaryCondition_016.md
+      StabilityCodeReview_BoundaryCondition_017:
+        enabled: true
+        id: StabilityCodeReview_BoundaryCondition_017
+        name: 返回值类型不匹配风险
+        severity: MEDIUM
+        description: 函数返回值类型与接收变量类型不匹配可能导致隐式类型转换、数值截断、符号扩展错误等问题，导致数据错误、逻辑异常
+        reference: BoundaryCondition/StabilityCodeReview_BoundaryCondition_017.md
+      StabilityCodeReview_BoundaryCondition_018:
+        enabled: true
+        id: StabilityCodeReview_BoundaryCondition_018
+        name: JSON解析安全风险
+        severity: HIGH
+        description: JSON解析存在多种安全风险：解析深度过大导致栈溢出、超大JSON导致内存耗尽、未捕获解析异常、键不存在导致的空指针访问、类型不匹配导致的类型混淆
+        reference: BoundaryCondition/StabilityCodeReview_BoundaryCondition_018.md
+  生命周期:
+    name: 生命周期
+    description: 检测对象生命周期管理不当导致的稳定性风险
+    enabled: true
+    rules:
+      StabilityCodeReview_Lifecycle_001:
+        enabled: true
+        id: StabilityCodeReview_Lifecycle_001
+        name: 返回引用的函数返回局部变量
+        severity: CRITICAL
+        description: 返回值类型是引用的函数，不应该返回局部变量，否则存在UAF(Use-After-Free)产生未定义行为。当函数返回局部变量的引用时，由于局部变量在函数返回后即被销毁，调用者获取的引用将指向已释放的栈内存
+        reference: Lifecycle/StabilityCodeReview_Lifecycle_001.md
+      StabilityCodeReview_Lifecycle_002:
+        enabled: true
+        id: StabilityCodeReview_Lifecycle_002
+        name: 获取临时变量指针
+        severity: HIGH
+        description: 不建议获取临时变量的指针，容易出现未定义行为。临时变量（临时对象、右值）的生命周期通常很短，在表达式结束时即被销毁。获取临时变量的指针并在表达式结束后使用，会导致悬垂指针
+        reference: Lifecycle/StabilityCodeReview_Lifecycle_002.md
+  内存稳定性:
+    name: 内存稳定性
+    description: 检测内存相关的稳定性风险（内存泄漏、OOM、碎片化等）
+    enabled: true
+    rules:
+      StabilityCodeReview_MemoryStability_001:
+        enabled: true
+        id: StabilityCodeReview_MemoryStability_001
+        name: 内存分配失败判空检查
+        severity: CRITICAL
+        description: 内存分配函数（malloc、calloc、realloc、new）在内存不足时返回 nullptr，若未检查返回值直接解引用，将导致空指针解引用，引发进程崩溃或拒绝服务
+        reference: MemoryStability/StabilityCodeReview_MemoryStability_001.md
+      StabilityCodeReview_MemoryStability_002:
+        enabled: true
+        id: StabilityCodeReview_MemoryStability_002
+        name: 指针解引用前判空
+        severity: CRITICAL
+        description: 对指针进行解引用操作（*ptr、ptr->、ptr[index]）前未进行空指针检查，可能导致空指针解引用崩溃（SIGSEGV）。这是OpenHarmony系统中最常见的稳定性问题之一，会导致服务崩溃、用户数据丢失
+        reference: MemoryStability/StabilityCodeReview_MemoryStability_002.md
+      StabilityCodeReview_MemoryStability_003:
+        enabled: true
+        id: StabilityCodeReview_MemoryStability_003
+        name: 异常分支内存未及时释放
+        severity: HIGH
+        description: 异常分支内存未及时释放导致内存泄漏。在异常处理分支（如return、break、continue）退出前，应确保已申请的内存被正确释放，否则会造成内存资源累积泄漏
+        reference: MemoryStability/StabilityCodeReview_MemoryStability_003.md
+      StabilityCodeReview_MemoryStability_004:
+        enabled: true
+        id: StabilityCodeReview_MemoryStability_004
+        name: 多返回路径资源泄漏
+        severity: HIGH
+        description: 代码使用裸指针 new / malloc 或需显式关闭的资源（句柄、文件描述符、互斥锁）时，在函数存在多条返回路径时未在所有路径上释放，造成内存泄漏、句柄泄漏、锁未释放
+        reference: MemoryStability/StabilityCodeReview_MemoryStability_004.md
+      StabilityCodeReview_MemoryStability_005:
+        enabled: true
+        id: StabilityCodeReview_MemoryStability_005
+        name: double-free问题
+        severity: CRITICAL
+        description: 同一指针在多条代码路径被多次释放，或释放后未置空导致后续再次释放，引发内存管理混乱、堆内存结构损坏
+        reference: MemoryStability/StabilityCodeReview_MemoryStability_005.md
+      StabilityCodeReview_MemoryStability_006:
+        enabled: true
+        id: StabilityCodeReview_MemoryStability_006
+        name: use-after-free问题
+        severity: CRITICAL
+        description: 指针被释放后，后续代码仍对其进行解引用、成员访问或传递给其他函数，导致访问已释放的内存，可能引发崩溃或安全漏洞
+        reference: MemoryStability/StabilityCodeReview_MemoryStability_006.md
+      StabilityCodeReview_MemoryStability_007:
+        enabled: true
+        id: StabilityCodeReview_MemoryStability_007
+        name: 函数返回指针未检查NULL
+        severity: CRITICAL
+        description: 函数返回指针类型时可能返回NULL表示错误或特殊情况，调用方未检查返回值直接使用会导致空指针解引用，引发程序崩溃或拒绝服务
+        reference: MemoryStability/StabilityCodeReview_MemoryStability_007.md
+  图形稳定性:
+    name: 图形稳定性
+    description: 检测图形系统相关的稳定性风险（GPU资源管理、线程访问限制、RS进程安全等）
+    enabled: true
+    rules:
+      StabilityCodeReview_GraphicsStability_001:
+        enabled: true
+        id: StabilityCodeReview_GraphicsStability_001
+        name: VulkanCleanUpHelper引用计数管理
+        severity: HIGH
+        description: MakeFromBackendTexture或BuildFromTexture创建资源时应正确使用VulkanCleanUpHelper管理引用计数，即首次传入cleanUpHelper，后续传入cleanUpHelper->ref()，这样才能正确维护底层VkImage的生命周期，避免GPU发生UAF问题
+        reference: GraphicsStability/StabilityCodeReview_GraphicsStability_001.md
+      StabilityCodeReview_GraphicsStability_002:
+        enabled: true
+        id: StabilityCodeReview_GraphicsStability_002
+        name: VulkanCleanUpHelper与SharedContext引用计数混用
+        severity: HIGH
+        description: VulkanCleanUpHelper与SharedContext分属两套引用计数管理，不能混用。混用会导致引用计数混乱、GPU资源提前释放或泄漏，引发UAF或资源耗尽问题
+        reference: GraphicsStability/StabilityCodeReview_GraphicsStability_002.md
+      StabilityCodeReview_GraphicsStability_003:
+        enabled: true
+        id: StabilityCodeReview_GraphicsStability_003
+        name: RS主线程禁止使用RenderNodeDrawable
+        severity: HIGH
+        description: RS主线程不能使用RenderNodeDrawable，只能产生RenderNodeDrawable。主线程使用RenderNodeDrawable会导致线程角色混乱、数据竞争等问题
+        reference: GraphicsStability/StabilityCodeReview_GraphicsStability_003.md
+      StabilityCodeReview_GraphicsStability_004:
+        enabled: true
+        id: StabilityCodeReview_GraphicsStability_004
+        name: RSUniRenderThread禁止访问RenderNode
+        severity: HIGH
+        description: RSUniRenderThread类不能访问RenderNode。RSUniRenderThread类访问RenderNode会导致线程访问越界、数据竞争或崩溃问题
+        reference: GraphicsStability/StabilityCodeReview_GraphicsStability_004.md
+      StabilityCodeReview_GraphicsStability_005:
+        enabled: true
+        id: StabilityCodeReview_GraphicsStability_005
+        name: RS主线程禁止GPU Context操作
+        severity: HIGH
+        description: RS主线程不能做任何与GPU Context相关的操作。主线程执行GPU操作会导致线程阻塞、渲染异常或崩溃
+        reference: GraphicsStability/StabilityCodeReview_GraphicsStability_005.md
+      StabilityCodeReview_GraphicsStability_006:
+        enabled: true
+        id: StabilityCodeReview_GraphicsStability_006
+        name: Surface/Image跨线程跨Context操作风险
+        severity: HIGH
+        description: Surface/Image应尽量避免跨线程/跨Context操作，如果必须多线程访问，应首先考虑使用BackendTexture创建新的Surface/Image，否则必须要保证Surface/Image在同一把锁的保护范围内
+        reference: GraphicsStability/StabilityCodeReview_GraphicsStability_006.md
+      StabilityCodeReview_GraphicsStability_007:
+        enabled: true
+        id: StabilityCodeReview_GraphicsStability_007
+        name: Surface/Image创建释放线程一致性
+        severity: HIGH
+        description: Surface/Image涉及GPU资源，创建和释放应处于同一线程。跨线程创建释放会导致GPU资源管理混乱、资源泄漏或UAF问题
+        reference: GraphicsStability/StabilityCodeReview_GraphicsStability_007.md
+      StabilityCodeReview_GraphicsStability_008:
+        enabled: true
+        id: StabilityCodeReview_GraphicsStability_008
+        name: GetBackendTexture线程限制
+        severity: HIGH
+        description: Surface/Image只能在其创建的线程中使用GetBackendTexture。在其他线程调用GetBackendTexture会导致GPU资源访问越界、崩溃或数据损坏
+        reference: GraphicsStability/StabilityCodeReview_GraphicsStability_008.md
+      StabilityCodeReview_GraphicsStability_009:
+        enabled: true
+        id: StabilityCodeReview_GraphicsStability_009
+        name: RSRenderNodeMap线程访问限制
+        severity: HIGH
+        description: RSRenderNodeMap只能在RS主线程访问，不允许在其它线程访问。其他线程访问RSRenderNodeMap会导致数据竞争、崩溃或渲染异常
+        reference: GraphicsStability/StabilityCodeReview_GraphicsStability_009.md
+      StabilityCodeReview_GraphicsStability_010:
+        enabled: true
+        id: StabilityCodeReview_GraphicsStability_010
+        name: 回调函数执行进程限制
+        severity: HIGH
+        description: 应用进程传入的回调函数不能在RS进程中执行，只能在应用进程执行。在RS进程执行应用回调会导致进程隔离被破坏、权限越界或崩溃
+        reference: GraphicsStability/StabilityCodeReview_GraphicsStability_010.md
+      StabilityCodeReview_GraphicsStability_011:
+        enabled: true
+        id: StabilityCodeReview_GraphicsStability_011
+        name: Vulkan信号量导出fd生命周期管理
+        severity: HIGH
+        description: 使用GetFenceFdFromSemaphore、vkGetSemaphoreFdKHR等接口从vulkan信号量中导出fd后，fd由调用方负责关闭。最佳实践是在判断fd合法后，立刻用sptr<SyncFence>智能指针包裹，由该智能指针接管fd生命周期，在智能指针释放时会自动关闭fd。若实在无法使用SyncFence类型，须非常谨慎处理每一处函数/作用域出口，确保手动释放fd，避免fd泄漏。
+        reference: GraphicsStability/StabilityCodeReview_GraphicsStability_011.md
+      StabilityCodeReview_GraphicsStability_012:
+        enabled: true
+        id: StabilityCodeReview_GraphicsStability_012
+        name: SyncFence智能指针缓存管理
+        severity: HIGH
+        description: 使用GetFenceFdFromSemaphore、vkGetSemaphoreFdKHR等接口从vulkan信号量中导出的fd由智能指针sptr<SyncFence>接管生命周期后，需检验该智能指针是否被存于缓存中，若存在缓存逻辑，需确保缓存的释放逻辑完整且正确、释放时机合理，避免缓存遗漏清理导致内存泄漏与fd泄漏。
+        reference: GraphicsStability/StabilityCodeReview_GraphicsStability_012.md

package/config/whitelist.yaml

@@ -0,0 +1,52 @@
+# OpenHarmony 稳定性扫描白名单配置
+#
+# 用途:
+#   1. 全局路径白名单：跳过特定目录或文件
+#   2. 规则级白名单：针对特定规则的误报排除
+#
+# 使用方式:
+#   1. 修改本文件添加白名单路径/模式
+#   2. 扫描时自动加载白名单配置
+
+global:
+  # 全局路径白名单（包含这些路径的文件将被跳过）
+  paths:
+    - "test/"
+    - "tests/"
+    - "unittest/"
+    - "mock/"
+    - "mocks/"
+    - "example/"
+    - "examples/"
+    - "samples/"
+    - "build/"
+    - "out/"
+    - ".git/"
+  
+  # 全局文件模式白名单
+  patterns:
+    - "*_test.cpp"
+    - "*_test.h"
+    - "*_unittest.cpp"
+    - "*_unittest.h"
+    - "*_fuzztest.cpp"
+    - "*_fuzztest.h"
+    - "*.pb.cc"
+    - "*.pb.h"
+    - "*.generated.*"
+    - "*.auto.*"
+
+# 规则级白名单
+# 格式: 
+#   rules:
+#     RULE_ID:
+#       patterns:
+#         - "pattern1"
+#         - "pattern2"
+#
+# 示例:
+# rules:
+#   StabilityCodeReview_ExceptionHandling_001:
+#     patterns:
+#       - "已知异常处理框架"
+#       - "第三方库catch块"